Univention Bugzilla – Bug 47598
Slave fails to join - ldap/data.mdb missing
Last modified: 2020-07-03 20:53:24 CEST
+++ This bug was initially created as a clone of Bug #41782 +++ A customer tried to join a new UCS Slave, but the local LDAP server does not get started. Both > slaptest -f /etc/ldap/slapd.conf and > slapschema -f /etc/ldap/slapd.conf error out with > mdb_db_open: database "dc=im,dc=dew,dc=ngo" cannot be opened: No such file or directory (2). Restore from backup! which indicates that /var/lib/univention-ldap/ldap/data.mdb is missing. On the DC Master that file is supposed to be created by management/univention-ldap/01univention-ldap-server-init.inst, on all other system roles I found no explicit `slapadd` except in "base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/14ldap_basis". If I manually start > slapd -f /etc/ldap/slapd.conf -d 1 the missing file is created and afterwards `slaptest` and `slapschema` run fine. For some yet unknown reason starting the LDAP server slapd seems to fail; I checked the init script and it only runs "slapschema" *after* slapd has been started, but maybe something other prevents the slapd from starting. $ journalctl -u slapd.service shows the following interesting events: First Bug #41782 hits: >15:26:06 slapd[9469]: Starting ldap server(s): slapd ...failed. >15:26:06 slapd[9469]: ... 5b7186ee /etc/ldap/slapd.conf: line 118: unknown attr "@univentionVirtualMachine" in to clause ... >15:26:06 systemd[1]: slapd.service: control process exited, code=exited status=1 The the subsequent start fails because the LMDB files are missing: >15:26:09 slapd[9546]: Starting ldap server(s): slapd ...failed. >15:26:09 slapd[9546]: ... 5b7186f1 mdb_db_open: database "dc=im,dc=dew,dc=ngo" cannot be opened: No such file or directory (2). Restore from backup! ... >15:26:09 systemd[1]: slapd.service: control process exited, code=exited status=1 But I have no idea why that process does not create the missing file itself.
slapd failed to start because the client TLS certificate was empty (0 bytes). Creating certificates on the master failed because of an empty /etc/univention/ssl/ucsCA/serial file (reason unknown) Afterwards the join failed again because the first start of slapd tried to apply the /var/lib/univention-directory-replication/failed.ldif from the previous run. (→ Bug #47603)
This issue has been filed against UCS 4.2. UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.